The U.S. Treasury Department has disclosed that a state-sponsored actor from China infiltrated the department, accessing government employees’ workstations and unclassified documents. The Biden administration made the disclosure public on Monday.
The breach was detected after recent findings that China had compromised U.S. telecommunications networks, eavesdropping on officials’ phone and text communications. According to a letter sent to lawmakers, the Treasury was informed of the hack on December 8 by BeyondTrust, a third-party software provider. The hacker exploited a security key to gain remote access to specific Treasury workstations and the documents held there.
The letter confirms, “Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.” Under Treasury policy, these breaches are categorized as major cybersecurity incidents.
In response, the Treasury Department, in collaboration with the F.B.I., the intelligence community, and other forensic experts, has been evaluating the breach’s impact. They have since taken the compromised service offline, asserting there is no current evidence that the Chinese state actor maintains access to Treasury’s data.
A spokesperson for the Treasury emphasized the department’s commitment to safeguarding its systems and data, highlighting ongoing efforts with both private and public sectors to protect the U.S. financial system from cyber threats. While the specific timeline of the hack remains undisclosed, a detailed report is expected to be shared with Congress.
Despite these allegations, China has consistently denied involvement in state-sponsored hacking, promoting instead cybersecurity cooperation with the U.S. This was underscored by recent economic and financial dialogues between the two nations in China.
The incident comes on the heels of another high-profile cyberattack by a group named Salt Typhoon, linked to China’s Ministry of State Security, which breached U.S. telecom systems. This breach allowed access to sensitive communications, including those of former President Donald J. Trump and Senator JD Vance, and revealed U.S. surveillance targets.
In response to these cybersecurity threats, the U.S. Commerce Department has moved to ban operations of China Telecom in the U.S., aiming to curb vulnerabilities in national infrastructure.